[^^^]


Trust anchor

All my domains are under control of stargrave.org’s nameservers. DNSSEC inherently sucks, at least because it is global-scale PKI, so it is not secure against government-level adversary. That is why, my nameservers use DNSCurve technology. All my TLS certificates use DANE, so their subject public key hashes are stored inside DNS TLSA records. However all that certificates are also signed by my own ca.cypherpunks.ru CA.

There are my authoritative DNSCurve PGP signed nameservers below. Of course the trust anchor is my PGP key.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns6.stargrave.org.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIpNVsPbb+nIRVbvGHh7ERWs1C6UFAmAVNVwACgkQHh7ERWs1
C6Uypw//Y0pv0TEL5EsKJ/WCj3KlPz9wsBX7l04qtLPPOfZOVTwtxeG97+4StXi/
QSk2TubOxYYA39V0fFG0YkN1GatN7HG1IaiUJraYlSzMDJXMLVOppDuquIA1GVgI
dgV4agiF63gFqs4u72Ic9seTPx/t6GU0RyEOi9fquEmt8hccfa6QYLnCxU77k5Do
QMIuOpOxDq4Gy6X2n7kPoRltAcCZRkPfuaTjjk7TsSS+r/hluMQWtqTNppj1h4tm
WB7NpQOK6+OjznqymOO0v5vQ7y5ZVO572BoR4+dS03atZaZtXshXCkJLaiTK+HQ9
KCaIBOvlV+8x6WctOEoe0+A0wcIFlGvLJBVJVpjJwb9tf7ALD6zBb9jW2tvp4MX+
rT1x5YPX//l2wxoi2CQ020UJNcdQh6f7I0YPm6wZMKiCIwyAgR7HRUXR5xAbEyPE
mB0d76HTtHrPqlRXyH7YdfbTV6/k1+0lUghtl37aFzhqnLayWxx7lvQBxfD8nfgu
dptlVtcP8QzoEQ+GyGinmYjueUW8wfUvcOxCx+vAfx3eaUvS1VUAazSacbYgGK+H
6xMc86y7WAqTO51dYSbsdVGoTvU008iZFnwj21YHMB9ioMeRCu0HqSxfcimKeLC6
FhzFW8Ln/tweyaY8pOJzunG0ieMd1XazTPIEXH9ryNK7MW+GF/8=
=o3kN
-----END PGP SIGNATURE-----